I can't peer my nodes using HashiCorp's Vault solution with Raft

I'm trying to set up a 2-node Vault (I know that I should use 3, but for now, for testing, I use 2) with Raft HA. For the try I did this morning I used this config file for both nodes:

storage "raft" {
  path    = "./vault/data"
  node_id = "node1"
  retry_join {
    leader_api_addr = "http://public ip of the other node:8200"
  }
}
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = "true"
}
api_addr      = "http://public ip of this node:8200"
cluster_addr  = "http://public ip of this node:8201"
ui            = true
disable_mlock = true

Then did

sudo vault server -config=/etc/vault.d/vault.hcl

On both nodes.

Then on node 1 :

export VAULT_ADDR=http://private ip of this node:8200
vault operator init
vault unseal ( first one )
vault unseal (second one )
vault unseal (third one)
vault login ( with root token)

Then on node 2

export VAULT_ADDR=http://private ip of this node:8200
vault operator join "http://public ip of my first node"

Unfortunately it doesn't work. After 50 seconds I have this error:

[Image: Error picture after trying to join first node]

Note that in the logs text I can see that my node is trying to join my first vault, but it doesn't work:

[Image: Logs of second node]

After those failures I try to unseal my second node. Then if I unseal my second node:

vault operator init
vault unseal ( first one with the unseal key given on node 2)
vault unseal ( second one with the unseal key given on node 2)
vault unseal ( third one with the unseal key given on node 2)
vault login (with root token)
vault operator raft join "http://public ip of my first node:8200"
Key       Value
---       -----
Joined    true

So now I have an answer after trying vault operator raft join "http://public ip of my first node:8200"

Then if I check on node 1 whether my second node joined, I have this:

vault operator raft list-peers
Node     Address                        State     Voter
----     -------                        -----     -----
node1    public ip of this node:8201    leader    true

So it's pretty problematic because either I don't have any answer when trying to join my vault, or if I unseal the second node I have a fake answer. I'm trying to explain my procedure to you in detail to make it easier to find my mistake.



Solution 1:[1]

Ok, so my problem came from the fact that I had the wrong configuration for my VMs and they couldn't communicate with each other (face palm). For those who wonder if my config files are good, just put private IPs instead of public IPs and everything should be good. :)
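
A preflight check for the cause found in this answer, as an added example that is not part of the original post: it reads the `retry_join` targets from a config, tests plain TCP reachability of each leader's API port and cluster port, and reports whether the address is private. The sample config, its 10.0.0.x addresses and the function names are constructed for illustration, and the leader's cluster port is assumed to be Vault's default (API port + 1).

```python
import ipaddress
import re
import socket
from urllib.parse import urlparse

# Constructed sample of a joining node's config; addresses are placeholders.
SAMPLE_HCL = '''
storage "raft" {
  path    = "./vault/data"
  node_id = "node2"
  retry_join {
    leader_api_addr = "http://10.0.0.11:8200"
  }
}
api_addr     = "http://10.0.0.12:8200"
cluster_addr = "http://10.0.0.12:8201"
'''

def join_targets(hcl):
    """Return (host, port) pairs a joining node must reach on each leader."""
    targets = []
    for url in re.findall(r'leader_api_addr\s*=\s*"([^"]+)"', hcl):
        u = urlparse(url)
        api_port = u.port or 8200
        # Assumption: the leader uses the default cluster port (API port + 1).
        targets += [(u.hostname, api_port), (u.hostname, api_port + 1)]
    return targets

def is_private(host):
    """True/False for IP literals (private or not), None for hostnames."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return None

def reachable(host, port, timeout=3.0):
    """Plain TCP connect; a firewall or security-group drop shows as False."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (OSError, OverflowError):
        return False

def preflight(hcl, timeout=3.0):
    return [{"host": h, "port": p, "private": is_private(h),
             "reachable": reachable(h, p, timeout)} for h, p in join_targets(hcl)]

if __name__ == "__main__":
    print(*preflight(SAMPLE_HCL), sep="\n")
```

Run it on the joining node against its own config file before `vault operator raft join`; a `reachable: False` row on either port points at VM networking rather than at Vault.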

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 ouflak